Tag: open-source
-
Weaponized pen testers are becoming a new hacker staple
in SecurityNews
Tags: access, attack, cloud, credentials, defense, google, hacker, iam, intelligence, linux, macOS, malicious, malware, microsoft, open-source, password, penetration-testing, RedTeam, software, strategy, threat, tool, vulnerability, windows
Malicious adaptations of popular red teaming tools like Cobalt Strike and Metasploit are causing substantial disruption, emerging as a dominant strategy in malware campaigns. According to research by threat-hunting firm Elastic, known for its search-powered solutions, these two conventional penetration testing tools were weaponized to account for almost half of all malware activities in 2024. “The most…
-
Walking the Walk: How Tenable Embraces Its “Secure by Design” Pledge to CISA
in SecurityNews
Tags: access, application-security, attack, authentication, best-practice, business, cisa, cloud, conference, container, control, credentials, cve, cvss, cyber, cybersecurity, data, data-breach, defense, exploit, Hardware, identity, infrastructure, injection, Internet, leak, lessons-learned, mfa, open-source, passkey, password, phishing, risk, saas, service, siem, software, sql, strategy, supply-chain, theft, threat, tool, update, vulnerability, vulnerability-management
As a cybersecurity leader, Tenable was proud to be one of the original signatories of CISA’s “Secure by Design” pledge earlier this year. Our embrace of this pledge underscores our commitment to security-first principles and reaffirms our dedication to shipping robust, secure products that our users can trust. Read on to learn how we’re standing…
-
Faux ChatGPT, Claude API Packages Deliver JarkaStealer
in SecurityNews
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/faux-chatgpt-claude-api-packages-jarkastealer
-
Admins better Spring into action over latest critical open source vuln
in SecurityNews
Tags: open-source
First seen on theregister.com Jump to article: www.theregister.com/2024/10/29/admins_spring_into_action_over/
-
Is a security time bomb ticking in freely available open-source software?
in SecurityNews
Open source: Reports that cybercriminals are infiltrating open-source software with dangerous exploits or backdoors are piling up. Is a security time bomb ticking in freely available software? How can developers in particular protect themselves against dangerous backdoors or malware? Netzpalaver has gathered several statements on this question from the Netzpalaver community, which will be published below one after another. Statement from Harold Butzbach, Sysdig Statement […]…
-
In the context of CRA implementation, manufacturers face an open-source trap
in SecurityNews
Tags: open-source
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/kontext-cra-umsetzung-drohung-hersteller-open-source-falle
-
MSSP Market Update: Google’s AI Boost Identifies 26 New Vulnerabilities in Open-Source Projects
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-googles-ai-boost-identifies-26-new-vulnerabilities-in-open-source-projects
-
Google AI Tool Finds 26 Bugs in Open-Source Projects
in SecurityNews
One Vulnerability Had Been Undiscovered for Two Decades, Researchers Said. Google researchers used an AI-powered fuzzing tool to identify 26 vulnerabilities in open-source code repositories, some of which had been lurking undiscovered for several decades. Each was found with AI, using AI-generated and enhanced fuzz targets, Google said.
First seen on govinfosecurity.com Jump to article:…
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
in SecurityNews
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windows
Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
Proxmox Virtual Environment 8.3: SDN-firewall integration, faster container backups, and more!
in SecurityNews
The Proxmox Virtual Environment 8.3 enterprise virtualization solution features management tools and a user-friendly web interface, allowing you to deploy open-source …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/22/open-source-proxmox-virtual-environment-8-3-released/
-
AI and Open Source Security: The Critical Role of AI-Powered Fuzzing in Finding Flaws
in SecurityNews
Google initiative
First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ai-in-fuzzing-uncovers-vulnerabilities/
-
Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects
in SecurityNews
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. “These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,”
First seen on thehackernews.com…
-
AxoSyslog: Open-source scalable security data processor
in SecurityNews
AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team. “We first started by making syslog-ng more …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/21/axosyslog-open-source-scalable-security-data-processor/
-
GitHub Secure Open Source Fund: Project maintainers, apply now!
in SecurityNews
GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/open-source-security-funding/
-
GitHub Launches Fund to Improve Open Source Project Security
in SecurityNews
GitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects. The post GitHub Launches Fund to Improve Open Source Project Security appeared first on SecurityWeek.
First seen on securityweek.com Jump to article: www.securityweek.com/github-launches-fund-to-improve-open-source-project-security/
-
RIIG Launches With Risk Intelligence Solutions
in SecurityNews
RIIG is a risk intelligence and cybersecurity solutions provider offering open-source intelligence solutions designed for zero-trust environments.
First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/riig-launches-risk-intelligence-solutions
-
Debunking myths about open-source security
in SecurityNews
In this Help Net Security interview, Stephanie Domas, CISO at Canonical, discusses common misconceptions about open-source security and how the community can work to dispel …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/stephanie-domas-canonical-open-source-maturity/
-
GitHub launches $1.25M open source fund with a focus on security
in SecurityNews
The open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the most critical projects via equity-free financing. Today it’s GitHub’s turn, launching the GitHub Secure Open Source Fund with an initial commitment of $1.25 million…
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
in SecurityNews
Introduction: Discovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
Open-source vulnerability scanner can protect domain controllers – Scanning Active Directory for security vulnerabilities with OpenVAS
in SecurityNews
Tags: open-source
First seen on security-insider.de Jump to article: www.security-insider.de/active-directory-mit-openvas-auf-sicherheitsluecken-untersuchen-a-e8d9e6fb316f793be84ad448116605de/
-
Open-Source Security Tools are Free… And Other Lies We Tell Ourselves
in SecurityNews
The most expensive security tool isn’t the one you pay for – it’s the one that fails when you need it most. Just ask those 110,000 websites that thought they were saving money.
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/open-source-security-tools-are-free-and-other-lies-we-tell-ourselves/
-
AlmaLinux 9.5 released: Security updates, new packages, and more!
in SecurityNews
AlmaLinux is a free, open-source, enterprise-grade Linux distribution. Governed and owned by the community, it offers a production-ready platform with binary compatibility to …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/almalinux-9-5-teal-serval-released/
-
Open-source and free Android password managers that prioritize your privacy
in SecurityNews
We’re often told to use strong, unique passwords, especially for important accounts like email, banking, and social media. However, managing different passwords for numerous …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/open-source-free-android-password-managers/
-
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps
in SecurityNews
ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/18/scubagear-open-source-tool-assess-microsoft-365-security/
-
How to make open source software more secure
in SecurityNews
Earlier this year, a Microsoft developer realized that someone had inserted a backdoor into the code of open source utility XZ Utils, which is used in…
First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/01/how-to-make-open-source-software-more-secure/
-
Open source LLM tool primed to sniff out Python zero-days
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/10/20/python_zero_day_tool/
-
Generating High Quality Test Data for MySQL Through De-identification and Synthesis
in SecurityNews
As one of the most popular open-source databases, widely used for web applications, MySQL is no stranger to PII and sensitive data. At the same time, its users need production-like data for effective development and testing. Here are the challenges involved in anonymizing MySQL databases and solutions for tackling them.
First seen on securityboulevard.com Jump…
-
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
in SecurityNews
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program
First seen on thehackernews.com…